Our WSUS server, on Server 2012R2, has me stumped. It was answering update requests up until about 2 weeks back via SSL (port 8531); now I can only get HTTP requests to work on port 8530. I would like to get SSL-encrypted connections working again if we can.
The server is listening for HTTP requests on port 8530 and HTTPS requests on 8531. I can go to the URL https://mywsus.ad.domain:8531/ClientWebService/client.asmx or https://mywsus.domain:8531/ClientWebService/client.asmx in Internet Explorer and get a successful connection and response. (The certificate installed in IIS on the WSUS server has both mywsus.ad.domain and mywsus.domain in the cert to avoid issues if the webserver is accessed by either name.) The certificate being used by IIS is not expired and was issued by our ADCS server; the CA certificate is distributed to the Trusted Root Certificates certificate store for the local machine for both the WSUS server and all the clients.
If I configure all the services to NOT require SSL, run "wsusutil configuressl mywsus", then change the GPO that configures the Windows Update server to use http://mywsus.ad.domain:8530/ for both update service and WU statistics server, the Windows Update client will connect to the WSUS server fine.
If I configure the IIS WSUS services ApiRemoting30, ClientWebService, DssAuthWebService, ServerSyncWebService and SimpleAuthWebService to require SSL, run "wsusutil configuressl mywsus.ad.domain", and change the WU GPO URLs to https://mywsus.ad.domain:8531/, the Windows Update clients will no longer connect to the WSUS server.
Any suggestions would be appreciated. The most common cause I have found so far was forgetting to put the port number in the URL, but that is not the case here.
Below is a snippet from C:\Windows\WindowsUpdate.log from one of our client computers having problems connecting to the WSUS server; this is where the infamous 80244019 error starts appearing.
2016-06-14 17:07:16:026 1176 1ad0 PT +++++++++++ PT: Synchronizing server updates +++++++++++
2016-06-14 17:07:16:026 1176 1ad0 PT + ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}, Server URL = https://mywsus.ad.domain:8531/ClientWebService/client.asmx
2016-06-14 17:07:17:586 1176 1ad0 PT WARNING: SyncUpdates failure, error = 0x80244019, soap client error = 10, soap error code = 0, HTTP status code = 404
2016-06-14 17:07:17:586 1176 1ad0 PT WARNING: PTError: 0x80244019
2016-06-14 17:07:17:586 1176 1ad0 PT WARNING: SyncUpdates_WithRecovery failed.: 0x80244019
2016-06-14 17:07:17:586 1176 1ad0 PT WARNING: Sync of Updates: 0x80244019
2016-06-14 17:07:17:586 1176 1ad0 PT WARNING: SyncServerUpdatesInternal failed: 0x80244019
2016-06-14 17:07:17:586 1176 1ad0 Agent * WARNING: Failed to synchronize, error = 0x80244019
2016-06-14 17:07:17:586 1176 1ad0 Agent * WARNING: Exit code = 0x80244019
2016-06-14 17:07:17:586 1176 1ad0 Agent *********
2016-06-14 17:07:17:586 1176 1ad0 Agent ** END ** Agent: Finding updates [CallerId = AutomaticUpdates]
2016-06-14 17:07:17:586 1176 1ad0 Agent *************
2016-06-14 17:07:17:586 1176 1ad0 Agent WARNING: WU client failed Searching for update with error 0x80244019
2016-06-14 17:07:17:586 1176 2844 AU >>## RESUMED ## AU: Search for updates [CallId = {1673ADB5-43EA-4CE6-AA94-99DF3323A97A}]
2016-06-14 17:07:17:586 1176 2844 AU # WARNING: Search callback failed, result = 0x80244019
2016-06-14 17:07:17:586 1176 2844 AU # WARNING: Failed to find updates with error code 80244019
2016-06-14 17:07:17:586 1176 2844 AU #########
2016-06-14 17:07:17:586 1176 2844 AU ## END ## AU: Search for updates [CallId = {1673ADB5-43EA-4CE6-AA94-99DF3323A97A}]
2016-06-14 17:07:17:586 1176 2844 AU #############
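
An added example, not part of the original post: a Python sketch that pairs each SyncUpdates failure in a WindowsUpdate.log excerpt with the Server URL logged earlier by the same process and thread, so the failing scheme, port, path and HTTP status can be read together. The function and field names are hypothetical, the sample lines are copied from the excerpt above, and the line layout is assumed to match that excerpt.

```python
import re
from urllib.parse import urlsplit

# Sample input: three lines copied from the log excerpt in the post above.
SAMPLE_LOG = """\
2016-06-14 17:07:16:026 1176 1ad0 PT +++++++++++ PT: Synchronizing server updates +++++++++++
2016-06-14 17:07:16:026 1176 1ad0 PT + ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}, Server URL = https://mywsus.ad.domain:8531/ClientWebService/client.asmx
2016-06-14 17:07:17:586 1176 1ad0 PT WARNING: SyncUpdates failure, error = 0x80244019, soap client error = 10, soap error code = 0, HTTP status code = 404
"""

# Assumed layout: date, time, PID, TID (hex), component, message.
LINE = re.compile(r"^(\S+)\s+(\d{2}:\d{2}:\d{2}:\d{3})\s+(\d+)\s+([0-9a-fA-F]+)\s+(\S+)\s+(.*)$")
URL = re.compile(r"Server URL = (\S+)")
FAIL = re.compile(r"failure, error = (0x[0-9A-Fa-f]{8}).*?HTTP status code = (\d+)")

def sync_failures(text):
    """Return one record per sync failure, joined to the last Server URL
    seen on the same (PID, TID), since threads interleave in this log."""
    last_url = {}
    findings = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip lines that do not follow the assumed layout
        date, time, pid, tid, _component, msg = m.groups()
        key = (pid, tid)
        url_match = URL.search(msg)
        if url_match:
            last_url[key] = url_match.group(1)
            continue
        fail = FAIL.search(msg)
        if fail:
            url = last_url.get(key)
            parts = urlsplit(url) if url else None
            findings.append({
                "when": f"{date} {time}",
                "error": fail.group(1).lower(),
                "http_status": int(fail.group(2)),
                "scheme": parts.scheme if parts else None,
                "host": parts.hostname if parts else None,
                "port": parts.port if parts else None,
                "path": parts.path if parts else None,
            })
    return findings

if __name__ == "__main__":
    for finding in sync_failures(SAMPLE_LOG):
        print(finding)
```

A status code in the record means an HTTP response came back for that request, so the recorded path and port are the place to look on the IIS side.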